Which IIQ version are you inquiring about?
8.3
Details about the problem.
Hi Experts,
Configuring Delta Aggregation for Multi Domain AD Application
Issue: For Deleted Accounts, Delta Aggregation (with deltaIterationMode - ‘dirSync’) is not pulling and updating/removing application links from the users in IIQ.
Delta Configuration:
deltaIterationMode is set to ‘dirSync’
deltaAggregation key has all the necessary entries (lastDirsyncServer, groups_cookie, users_cookie), for each domain.
Pre-requisite - Replicating Directory Changes Permission is granted.
Aggregation Task Configuration:
Only create links if they can be correlated to an existing identity - Checked
Enable Delta Aggregation - Checked
Detect deleted accounts - Checked
Disable optimization of unchanged accounts - Checked
For testing, user account is deleted from the AD end system. And in IIQ, Delta Aggregation task gets completed with no errors, however it doesn’t scan any account and does not update to remove user’s application link.
Suspecting that the service account used may not have Read Permission to the Deleted Object Container (Pre-requisites for Delta Configuration with dirSync option). Working to find that out.
However, other than that, what else could have caused this issue?
Your thoughts are greatly appreciated.
FYI: During Full Aggregation, the deleted accounts get successfully pulled and updated to remove user’s application link.
Thank you.